package com.scau.wuwei.library_system.core.service;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpSession session = httpServletRequest.getSession();
        //先检验验证码
        String vcode = request.getParameter("vcode");
        if (vcode == null || vcode.trim().length() == 0){
            System.out.println("captchaValidateFailed -- > 验证码为空");
            request.setAttribute("shiroLoginFailure", "kaptchaValidateFailed");
            return true;//拒绝访问，不再校验账号和密码
        }

        //为了验证码大小写可用，全部转为小写
        vcode = vcode.toLowerCase();
        //保存在session正确的验证码
        String v = (String) session.getAttribute("_code");
        //用户每次登录都必须重新输入验证码
        session.removeAttribute("_come");
        if (!vcode.equals(v)) {
            System.out.println("captchaValidateFailed -- > 验证码错误");
            request.setAttribute("shiroLoginFailure", "kaptchaValidateFailed");
            return true;//拒绝访问，不再校验账号和密码
        }
        return super.onAccessDenied(request, response, mappedValue);
    }
}
